Vulnerability CVE-2013-1874

Vulnerability CVE-2013-1874

Published: 2014-09-29 Modified: 2014-09-30

Description:

Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Type:

CWE-Other

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.4/10	6.4/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Call-cc -> Chicken

References:

http://xforce.iss.net/xforce/xfdb/85065

http://www.securityfocus.com/bid/58583

http://www.osvdb.org/91520

http://seclists.org/oss-sec/2013/q1/692

http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd;hb=c6750af99ada7fa4815ee834e4e705bcfac9c137

Vulnerability CVE-2013-1874

Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

CWE-Other

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

4.4/10

6.4/10

3.4/10

Local

Medium

No required

Partial

Partial

Partial

Affected software

References: